Set Up Access Gateway as an IDP for BioSig-ID SSO

This integration guide walks through the steps required to set up Access Gateway as an IDP for BioSig-ID SSO into EBS.

Access Gateway IDP Setup

Follow these instructions to prepare your Access Gateway Instance for IDP Setup and Configuration.

You must have an admin login for the Access Gateway Admin Console. You must have a properly configured Access Gateway instance.

Adding Local Auth Module

Once you verify that Access Gateway is up and functioning properly, begin by adding a Local Auth Module.

  1. In Settings, locate the Auth Modules tab.

  2. Click + and select Local Auth to add the module.

  3. Click the Okay button to create the Auth Module.

  4. After creating the Local Auth Module, verify that the module says Valid.

Adding Local IDP

  1. Navigate to the Identity Providers tab.

  2. Click the + button and select Local SAML IDP.

  3. Enter BioSig for the Local SAML IDP Name.

  4. Enter a chosen IDP Host URL and the matching Cookie Domain.

  5. Select the Local Auth Module that you created earlier as the Default Auth Module.

    The IDP Host URL must match the cookie domain for the Gateway and must be unique to the environment.

  6. Before you can verify the Host, you must add the Local IDP Hostname to your DNS server and to Access Gateway's hosts file.

    For additional help with adding the Local IDP Hostname to your hosts file, see the Appendix.

  7. Select email and Email Address as the app attributes for the Name Attribute and Name Attribute format fields.

  8. Click Okay to continue with IDP creation.

Adding SAML Auth Module

  1. Once you have configured the Local IDP, navigate back to the Auth Modules tab.

  2. Click + and select </> SAML to add the module.

  3. Select the Local IDP Domain that we previously created from the dropdown menu.

  4. Copy the BioSig-ID Metadata File from a text editor, and click the Register IDP Metadata button.

  5. Paste the BioSig-ID Metadata in the SAML Upload Wizard, and click Validate.

  6. Log in to your Salesforce Org and search for the Single-Sign-On settings.

  7. Click Done.

  8. Click Okay to create the Auth Module.

  9. Once the Auth Module has been successfully validated, click the Investigator Icon to simulate BioSig-ID Access.

    If you need additional assistance setting up your BioSig-ID Account, please reference BioSig-ID's Account Creation Whitepage.

Configuring Local IDP

  1. Click the Identity Providers tab.

  2. Click the Pencil Icon to Edit the previously created Local IDP.

  3. In the Local IDP, replace the Local Auth Module with the newly created SAML Auth Module.

  4. Confirm that the Name Attribute field contains nameid and that the Name Attribute format contains Unspecified.

  5. Click Okay.

  6. Click the Auth Modules tab, and locate the Local Auth Module.

  7. Click the Trash Icon to Delete the Local Auth Module.

Confirm Access Gateway BioSig-ID Integration

  1. Once you have configured both the SAML Auth Module and Local IDP, navigate to the Auth Modules tab.

  2. Click the Investigator Icon to simulate BioSig-ID User Access.

  3. On the BioSig-ID page, enter your associated email address.

  4. Validate your identity by drawing your four-digit PIN.

  5. Click Validate.

  6. Upon successful completion you should see the following pages confirming your Access Gateway Identity.

Set Up Local IDP for Oracle EBS

  1. Navigate to the Applications tab.

  2. Click the + Add button to add an application to your Local IDP.

  3. Select Oracle Access Gate from the list of applications and click Create.

  4. Enter the following information into their corresponding fields.

    Public Domain: oag-idcs-demo-ebs.okta.info
    Protected Web Resource: http://epcebs122.idc.oracle.com:8000
    Post Login URL: https://oag-idcs-demo-ebs.okta.info/accessgate/ssologin
    

    To validate the Public Domain and Protected Web Resource, you must first add the IP and domain information to the Access Gateway's hosts file. See the Appendix for more details.

  5. Click Next.

    OID Host: natoindia.oracledemo.com
    OID Port: 3060
    Base: cn=Users,dc=oracledemo,dc=com
    

    Click Next.

  6. Edit both App Attributes to match the following.

  7. Click Next.

  8. Click Done.

  9. To SSO into EBS, navigate to the Applications tab.

  10. Click the GoTo button and select IDP Initiated.

  11. Lastly, you will be directed to Sign-In via BioSig-ID and ported into Oracle EBS.

Appendix

Add the local IDP Host name in the Management Console

In order to verify the Local IDP Hostname, you must add it in the Management Console.

  1. Start the Access Gateway VM and open a terminal window. The default credentials for the Management Console are listed below.

    Username: oag-mgmt
    Password: "default password"
    

  2. In the Management Console, press 1 to enter Network Settings.

  3. Press 4 to navigate to Edit /etc/hosts.

  4. Click Add Entry and enter the IP Address and Hostname of your local IDP.

  5. Press C to commit these changes to /etc/hosts Editor.

  6. Press R to Restart the Network.

  7. Return to the browser to finish the IDP Integration.
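
A pre-flight check for steps 4 to 6 of "Adding Local IDP" and for this appendix, as an added example that is not part of the original guide or of Access Gateway: given the IDP Host URL, the Cookie Domain and the text of a hosts file, it reports a host that falls outside the cookie domain or has no hosts-file entry. It assumes "match" means the host equals the cookie domain or is a subdomain of it; all hostnames, addresses and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; none of them come from the guide.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# local IDP entry
10.0.0.25   biosig-idp.gateway.example.test  biosig-idp
"""


def hosts_entries(hosts_text):
    """Map each hostname and alias in hosts-file text to its IP address."""
    entries = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2:
            for name in fields[1:]:
                entries.setdefault(name.lower(), fields[0])  # first entry wins
    return entries


def in_cookie_domain(host, cookie_domain):
    """True if host equals the cookie domain or is a subdomain of it.

    Assumption: this is what "must match the cookie domain" means.
    """
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    # Compare on a label boundary so "notgateway.example.test" does not pass.
    return host == domain or host.endswith("." + domain)


def preflight(idp_host_url, cookie_domain, hosts_text):
    """Return a list of problems; an empty list means both checks passed."""
    host = urlsplit(idp_host_url).hostname
    if not host:
        return ["IDP Host URL has no hostname: %r" % idp_host_url]
    problems = []
    if not in_cookie_domain(host, cookie_domain):
        problems.append("%s is outside cookie domain %s" % (host, cookie_domain))
    if host not in hosts_entries(hosts_text):
        problems.append("%s has no hosts-file entry" % host)
    return problems
```

This covers only the hosts file; the DNS server entry from step 6 still has to be confirmed separately.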